Usually a client will present a password prompt to the End-User and will then issue the request including the correct Authorization header.

The realm value should be considered an opaque string which can only be compared for equality with other realms on that server. The server will service the request only if it can validate the userId and password for the protection space of the Request-URI.